| |
| |
Foreword | |
| |
| |
Preface | |
| |
| |
Acknowledgments | |
| |
| |
| |
Introduction | |
| |
| |
| |
What Is Cyber Security? | |
| |
| |
| |
What Is Cyber Security Policy? | |
| |
| |
| |
Domains of Cyber Security Policy | |
| |
| |
| |
Laws and Regulations | |
| |
| |
| |
Enterprise Policy | |
| |
| |
| |
Technology Operations | |
| |
| |
| |
Technology Configuration | |
| |
| |
| |
Strategy versus Policy | |
| |
| |
| |
Cyber Security Evolution | |
| |
| |
| |
Productivity | |
| |
| |
| |
Internet | |
| |
| |
| |
e-Commerce | |
| |
| |
| |
Countermeasures | |
| |
| |
| |
Challenges | |
| |
| |
| |
Cyber Security Objectives | |
| |
| |
| |
Cyber Security Metrics | |
| |
| |
| |
Security Management Goals | |
| |
| |
| |
Counting Vulnerabilities | |
| |
| |
| |
Security Frameworks | |
| |
| |
| |
e-Commerce Systems | |
| |
| |
| |
Industrial Control Systems | |
| |
| |
| |
Personal Mobile Devices | |
| |
| |
| |
Security Policy Objectives | |
| |
| |
| |
Guidance for Decision Makers | |
| |
| |
| |
Tone at the Top | |
| |
| |
| |
Policy as a Project | |
| |
| |
| |
Cyber Security Management | |
| |
| |
| |
Arriving at Goals | |
| |
| |
| |
Cyber Security Documentation | |
| |
| |
| |
Using the Catalog | |
| |
| |
| |
The Catalog Approach | |
| |
| |
| |
Catalog Format | |
| |
| |
| |
Cyber Security Policy Taxonomy | |
| |
| |
| |
Cyber Security Policy Catalog | |
| |
| |
| |
Cyber Governance Issues | |
| |
| |
| |
Net Neutrality | |
| |
| |
| |
Internet Names and Numbers | |
| |
| |
| |
Copyrights and Trademarks | |
| |
| |
| |
Email and Messaging | |
| |
| |
| |
Cyber User Issues | |
| |
| |
| |
Malvertising | |
| |
| |
| |
Impersonation | |
| |
| |
| |
Appropriate Use | |
| |
| |
| |
Cyber Crime | |
| |
| |
| |
Geolocation | |
| |
| |
| |
Privacy | |
| |
| |
| |
Cyber Conflict Issues | |
| |
| |
| |
Intellectual Property Theft | |
| |
| |
| |
Cyber Espionage | |
| |
| |
| |
Cyber Sabotage | |
| |
| |
| |
Cyber Warfare | |
| |
| |
| |
Cyber Management Issues | |
| |
| |
| |
Fiduciary Responsibility | |
| |
| |
| |
Risk Management | |
| |
| |
| |
Professional Certification | |
| |
| |
| |
Supply Chain | |
| |
| |
| |
Security Principles | |
| |
| |
| |
Research and Development | |
| |
| |
| |
Cyber Infrastructure Issues | |
| |
| |
| |
Banking and Finance | |
| |
| |
| |
Health Care | |
| |
| |
| |
Industrial Control Systems | |
| |
| |
| |
One Government's Approach to Cyber Security Policy | |
| |
| |
| |
U.S. Federal Cyber Security Strategy | |
| |
| |
| |
A Brief History of Cyber Security Public Policy Development in the U.S. Federal Government | |
| |
| |
| |
The Bombing of New York's World Trade Center on February 26, 1993 | |
| |
| |
| |
Cyber Attacks against the United States Air Force, March-May 1994: Targeting the Pentagon | |
| |
| |
| |
The Citibank Caper, June-October, 1994: How to Catch a Hacker | |
| |
| |
| |
Murrah Federal Building, Oklahoma City-April 19, 1995: Major Terrorism Events and Their U.S. Outcomes | |
| |
| |
| |
President's Commission on Critical Infrastructure Protection-1996 | |
| |
| |
| |
Presidential Decision Directive 63-1998 | |
| |
| |
| |
National Infrastructure Protection Center (NIPC) and ISACs-1998 | |
| |
| |
| |
Eligible Receiver-1997 | |
| |
| |
| |
Solar Sunrise-1998 | |
| |
| |
| |
Joint Task Force-Computer Network Defense OTF-CND)-1998 | |
| |
| |
| |
Terrorist Attacks against the United States-September 11, 2001 Effects of Catastrophic Events on Transportation System Management and Operations | |
| |
| |
| |
U.S. Government Response to the September 11, 2001 Terrorist Attacks | |
| |
| |
| |
Homeland Security Presidential Directives | |
| |
| |
| |
National Strategies | |
| |
| |
| |
The Rise of Cyber Crime | |
| |
| |
| |
Espionage and Nation-State Actions | |
| |
| |
| |
Policy Response to Growing Espionage Threats: U.S. Cyber Command | |
| |
| |
| |
Congressional Action | |
| |
| |
| |
Summary | |
| |
| |
| |
Conclusion | |
| |
| |
Glossary | |
| |
| |
References | |
| |
| |
Index | |